Requestable products
Requestable products in the IT Shop are company resources such as target system groups, software, and non-IT resources after they have been assigned to a shelf. The following company resources can be assigned to shelves as requestable products.
Table 2: Requestable products
Groups and system entitlements of custom target systems |
Target System Base Module |
One Identity Manager Target System Base Module Administration Guide |
Active Directory groups |
Active Directory Module |
One Identity Manager Administration Guide for Connecting to Active Directory |
SharePoint groups and SharePoint roles |
SharePoint Module |
One Identity Manager Administration Guide for Connecting to SharePoint |
HCL Domino groups |
Domino Module |
One Identity Manager Administration Guide for Connecting to HCL Domino |
LDAP groups |
LDAP Module |
One Identity Manager Administration Guide for Connecting to LDAP |
SAP groups, SAP roles, and SAP profiles |
SAP R/3 User Management Module |
One Identity Manager Administration Guide for Connecting to SAP R/3 |
SAP structural profiles |
SAP R/3 Structural Profiles Add-on Module |
One Identity Manager Administration Guide for SAP R/3 Structural Profiles Add-on |
SAP BI analysis authorizations |
SAP R/3 Analysis Authorizations Add-on Module |
One Identity Manager Administration Guide for SAP R/3 Analysis Authorizations Add-on |
E-Business Suite permissions |
Oracle E-Business Suite Module |
One Identity Manager Administration Guide for Connecting to Oracle E-Business Suite |
Azure Active Directory group, Azure Active Directory administrator roles, Azure Active Directory role assignments, Azure Active Directory role permissions |
Azure Active Directory Module |
One Identity Manager Administration Guide for Connecting to Azure Active Directory |
Google Workspace groups, Google Workspace products and SKUs, Google Workspace Admin role assignments |
Google Workspace Module |
One Identity Manager Administration Guide for Connecting to Google Workspace |
Cloud groups and system entitlements |
Cloud Systems Management Module |
One Identity Manager Administration Guide for Connecting to the Universal Cloud Interface |
PAM user groups |
Privileged Account Governance Module |
One Identity Manager Administration Guide for Privileged Account Governance |
OneLogin roles |
OneLogin Module |
One Identity Manager Administration Guide for Integration with OneLogin Cloud Directory |
API key requirements, password requirements, remote desktop application requirements, remote desktop session requirements, SSH key requirements, SSH session requirements, and Telnet session requirements. |
Privileged Account Governance Module |
One Identity Manager Administration Guide for Privileged Account Governance |
Resources |
Identity Management Base Module |
One Identity Manager Identity Management Base Module Administration Guide |
Multi-request resources |
Identity Management Base Module |
One Identity Manager Identity Management Base Module Administration Guide |
Account definitions |
Target System Base Module |
One Identity Manager Target System Base Module Administration Guide |
System roles |
System Roles Module |
One Identity Manager System Roles Administration Guide |
Subscribable reports |
Report Subscription Module |
One Identity Manager Report Subscriptions Administration Guide |
Software |
Software Management Module |
One Identity Manager Software Management Administration Guide |
Assignment resources |
Identity Management Base Module
Business Roles Module |
Use assignment resources to request any number of assignments to hierarchical roles or to delegate responsibilities through the IT Shop. One Identity Manager IT Shop Administration Guide, Assignment requests |
Software and system roles can also be requested for workdesks. The request's UID_Workdesk is given as additional information here (PersonWantsOrg.UID_WorkdeskOrdered).
Multi-request resources
The IT Shop distinguishes between single or multiple requestable products. Single request products are, for example, software, system roles, or Active Directory groups. These products cannot be requested if they have already been be requested for the same time period.
Furthermore, there may be company resources that are needed more than once, consumables, for example. You can find company resources such as these mapped in One Identity Manager as Multi-request resource or Multi requestable/unsubscribable resources.
Table 3: Resource types
Resources |
Resources that an identity (workdesk, device) may own just once.
The resources can be requested in the IT Shop just once. The resources are assigned to the identities after approval has been granted. They remain assigned until the request is unsubscribed. You can request them again a later point.
Example: phone, company car. |
QERResource |
Multi-request resources |
Resources that can be requested more than once in the IT Shop. Requests are automatically canceled once approved. The resources are not explicitly assigned to identities.
Example: resource for requesting remote desktop sessions for assets in a PAM system; consumables, such as pens, printing paper. |
QERReuse |
Multi requestable/unsubscribable resources |
Resources that an identity can request more than once in the IT Shop but must return them explicitly once they are no longer needed. The resources are assigned to the identities after approval has been granted. They remain assigned until the request is canceled.
Example: printer, monitor, Azure Active Directory role assignment |
QERReuseUS |
To set up multi-request resources and add them as products in the IT Shop
-
In the Manager, select the Entitlements > Multi-request resources for IT Shop category.
-
Click in the result list.
-
Edit the resource's main data.
- Save the changes.
-
Select the Add to IT Shop task.
In the Add assignments pane, assign a shelf.
TIP: In the Remove assignments pane, you can remove shelf assignments.
To remove an assignment
- Save the changes.
To set up multi requestable/unsubscribable resources and to add them as products to the IT Shop
-
In the Manager, select the Entitlements > Multi requestable/unsubscribable resources for IT Shop category.
-
Click in the result list.
-
Edit the resource's main data.
- Save the changes.
-
Select the Add to IT Shop task.
In the Add assignments pane, assign a shelf.
TIP: In the Remove assignments pane, you can remove shelf assignments.
To remove an assignment
- Save the changes.
For more information about multi requestable products, see the One Identity Manager Identity Management Base Module Administration Guide.
Preparing products for requesting
Company resources have to fulfill at least the following prerequisites before you can request them in the Web Portal:
-
The company resource must be labeled with the IT Shop option.
-
A service item must be assigned to the company resource.
-
The company resource must be assigned to a shelf as a product.
-
If the company resource is only assigned to identities using IT Shop requests, the company resource must also be labeled with the Only use in IT Shop option. This means that the company resource cannot be directly assigned to roles outside the IT Shop.
The Entitlements category displays all company resources that can be requested using the IT Shop. This includes software, system entitlements, system roles, account definitions, resources, multi-request resources, and assignment resources if the corresponding modules are installed.
You can prepare the company resources for requesting in the IT Shop if you are an IT Shop administrator and have logged in as role-based. You can assign service items, edit the IT Shop and Only use in IT Shop options and assign the company resources to IT Shop shelves.
To prepare company resources for requesting
-
In the Manager, select the Permissions category.
-
Navigate to the results list and select the company resource you want.
-
Select the Change main data task.
-
Enable the IT Shop option.
-
Assign a new service item in the Service item field.
To add a new service item, click . Copy the name of the company resource as identifier for the service item. Enter the other properties on the service item main data form.
- Save the changes.
-
Select the Add to IT Shop task.
-
In the Add assignments pane, assign the company resource to shelves.
- Save the changes.
Customer keep their requested products on the shelf until they unsubscribe them. Sometimes, however, products are only required for a certain length of time and can be canceled automatically after this time. There are other settings required to provide limited period products.
Detailed information about this topic
Entering service items
In order to request company resources in the Web Portal, a service item must be assigned to them. Service items contain additional information about the company resources. For example, you can specify article numbers, request properties, product supervisors, or approvers for requests. A service catalog can be put together from the service items the Web Portal. These contain all the requestable products. You can use service categories, tags, and service item names to find the product in the service catalog.
To create or edit service categories
-
In the Manager, select the IT Shop > Service catalog > Hierarchical by service categories > <service category> category.
- OR -
In the Manager, select the IT Shop > Service catalog > Hierarchical by service categories > Singles category.
-
In the result list, select the product's service item and select the Change main data task.
- OR -
Click in the result list.
-
Enter the service item's main data.
- Save the changes.